Republican polling firm Victory Phones' database was hacked

The databases of the Republican polling firm Victory Phones were hacked just after the 2016 election, exposing donor records.

Victory Phones, an automated phone research and data compilation firm, was hacked in January, exposing data on hundreds of thousands of Americans who submitted donations to Republican political campaigns.

Victory Phones carries out polling by phone on behalf of Republican candidates; it also implemented fundraising systems for political campaigns.

According to ZDNet, which first reported the incident, the hack exposed several database files, one of which is a 223-gigabyte archive containing about two billion records.

Experts believe the hackers targeted the company because they were primarily interested in individual donations made to political campaigns.

“According to public records, the company gave $207,602 to a campaign by Rand Paul (R-KY) and $79,646 to Martha Roby (R-AL). The company also gave $103,977 to the Republican Party of Michigan, where the company is located, and $64,229 to the Republican National Committee, among others,” reported ZDNet.

The popular cyber security expert Troy Hunt, who runs the data breach notification service Have I Been Pwned, reached out to several individuals whose data was included in the stolen databases, and all of them confirmed the authenticity of the information leaked online.

Victory Phones was running an unsecured MongoDB installation, as confirmed by chief executive David Dishaw, who added that the company never received a ransom note.

“We can confirm that in early January 2017, we were one of tens of thousands of users whose MongoDB instance was hacked. We received no ransom note or communication regarding this intrusion, in the immediate aftermath, or up until even now. We took steps to enhance the security of our data, and notified our users at that time of the breach. We will continue to keep them up to date as we come into any information that is relevant.”

MongoDB ransom attacks soared early this year; according to the Australian Communications and Media Authority Antipodes, the number of hacked systems more than doubled to 27,000 in just a day. According to the experts, the hackers implement an extortion mechanism by copying and deleting data from vulnerable databases.

Crooks request the payment of a ransom in order to return the data and help the company fix the flaw they exploited. In late 2016, I reported the story of a mysterious attacker who went online with the harak1r1 moniker; he was breaking into unprotected MongoDB databases, stealing their content, and requesting a 0.2 bitcoin (US$184) ransom to return the data.

The attacks were discovered by the co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild.

ZDNet confirmed that, at the time of writing, a Victory Phones server with an open database port is still indexed on Shodan.

“The breach may not be significant in terms of numbers of individuals affected compared to other breaches of voter information — much of the data is already public on the Federal Election Commission’s website. But the hack represents yet another data exposure at a time of heightened concern about election interference,” continues ZDNet.

Hunt confirmed that 75 percent of email addresses were already in Have I Been Pwned’s database.

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".